I'm working on a GitHub Repo that belongs to an organisation that uses SAML SSO login. We build Golang packages and use them in our different projects. These Golang packages also get imported into our GitHub workflow where we run our Build and Test jobs. We are getting errors in importing packages and I read that we have to use a GitHub PAT to authenticate to the GitHub API for private packages of Orgs using SAML SSO. We created a PAT from one of our developer accounts and used it in the workflow and it worked. The problem with this approach is that the PAT from a user account might not be best to use in CI/CD since a person can leave the org and GitHub will delete the PAT after the account gets deactivated.
We have GitHub teams created that have all the users working in teams linked together and I believe a PAT of a GitHub Team would be ideal to use in CI/CD pipelines since it is not dependent on any user. There's another method of having machine accounts but that takes up an unnecessary seat in the org. I want to know if there is a way to create a PAT for a GitHub team? Or how do other people with similar situations handle this, since I feel many would have thought of this. Similar post